docs: prepare v0.1.0 release notes

stacknil · stacknil · commit feb8a232ece9 · 2026-03-19T00:44:19.000+08:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,10 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## v0.1.0
+
+- Added parser support for `syslog_legacy` and `journalctl_short_full` authentication log input.
+- Added rule-based detections for SSH brute force, multi-user probing, and bursty sudo activity.
+- Added parser coverage telemetry, including parsed/unparsed counts and unknown-pattern buckets.
+- Added repository automation and hardening with CI, CodeQL, pinned GitHub Actions, security policy, and Dependabot for workflow updates.
diff --git a/README.md b/README.md
@@ -7,9 +7,23 @@ C++20 defensive log analysis CLI for Linux authentication logs, with parser cove
 
 It parses `auth.log` / `secure`-style syslog input and `journalctl --output=short-full`-style input, normalizes authentication evidence, applies configurable rule-based detections, and emits deterministic Markdown and JSON reports.
 
-## Overview
+## Project Status
 
-LogLens is a defensive, public-safe repository for log parsing and detection engineering. It focuses on parser observability as well as detections: unsupported lines are surfaced as telemetry instead of being silently ignored.
+LogLens is an MVP / early release. The repository is stable enough for public review, local experimentation, and extension, but the parser and detection coverage are intentionally narrow.
+
+## Why This Project Exists
+
+Many small security tools can detect a handful of known log patterns. Fewer tools make their parsing limits visible.
+
+LogLens is built around three ideas:
+
+- detection engineering over offensive functionality
+- parser observability over silent failure
+- repository discipline over throwaway scripts
+
+## Scope
+
+LogLens is a defensive, public-safe repository for log parsing and detection engineering. Unsupported lines are surfaced as telemetry instead of being silently ignored.
 
 The project does not provide exploitation, persistence, credential attack automation, or live offensive capability.
 
diff --git a/docs/release-v0.1.0.md b/docs/release-v0.1.0.md
@@ -0,0 +1,16 @@
+# LogLens v0.1.0
+
+LogLens v0.1.0 is the first public MVP release of the repository.
+
+## Highlights
+
+- Parses Linux authentication logs in both `syslog_legacy` and `journalctl_short_full` modes.
+- Normalizes authentication evidence and applies configurable detections for SSH brute force, multi-user probing, and sudo burst activity.
+- Reports parser coverage telemetry so unsupported lines are visible instead of silently ignored.
+- Ships with deterministic Markdown and JSON reports, unit tests, CI, CodeQL, and baseline repository hardening.
+
+## Notes
+
+- This release is intentionally narrow in scope and focused on a clean, public-safe baseline.
+- Parser coverage is limited to a small set of common `sshd`, `sudo`, and `pam_unix` patterns.
+- Repository protections are designed for PR-based development with CI and CodeQL gating merges into `main`.
